Научная статья на тему 'On the issue of criminal responsibility for the creation, use and distribution of “botnets”'

On the issue of criminal responsibility for the creation, use and distribution of “botnets” Текст научной статьи по специальности «Право»

CC BY
167
48
i Надоели баннеры? Вы всегда можете отключить рекламу.
Журнал
European science review
Область наук
Ключевые слова
COMPUTER CRIME / CYBER CRIMINALS CRIMES IN THE SPHERE OF COMPUTER INFORMATION / MALICIOUS COMPUTER SOFTWARE / BOTNET

Аннотация научной статьи по праву, автор научной работы — Evdokimov Konstantin Nikolaevich

The purpose of a scientific article is to analyze the existing scientific approaches and opinions on the creation, use and distribution of malicious computer networks (botnets) and proposals for combating this criminal phenomenon. The author proposes a new wording of Art. 273. 1 of the Criminal Code providing for criminal responsibility for the above act, which should increase the efficiency of the Russian criminal law in the fight against computer crime.

i Надоели баннеры? Вы всегда можете отключить рекламу.
iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.
i Надоели баннеры? Вы всегда можете отключить рекламу.

Текст научной работы на тему «On the issue of criminal responsibility for the creation, use and distribution of “botnets”»

On the issue of criminal responsibility for the creation, use and distribution of “botnets”

9. Podshivalov V. E. Nezakonnaya migratsiya: mezhdunarodno-pravovoy podhod//Pravovedenie. - 2002. # 4. S. 185-191.

10. Totskiy N. N. Vvedenie v migratsionnoe pravo. - M. - 1999. - 281 s.

11. Nechevina N. D., Plyasova I. V. Kriminalnaya immigratsiya v sovremennoy Rossii: kriminologicheskiy ugolovnyiy i administrativnyiy aspektyi. - M. - 2006. - 122 s.

12. Magerramov M. A. Nelegalnaya migratsiya: ponyatie, obschestvennaya opasnost, ugolovno-pravovoe i kriminologicheskoe protivodeystvie (po materialam Rossii i Azerbaydzhana). - avtoref. ... diss. kand. yur. nauk. - M., 2008. - 26 s.

13. Predyibaylo V. A. Kriminologicheskaya harakteristika i profilaktika nezakonnoy migratsii v Rossii: obschefederalnyiy i regionalnyiy aspektyi. - avtoref. ... diss. kand. yur. nauk. - M., 2012. - 22 s.

14. Barannik M. I. Kriminologicheskie i pravovyie problemyi borbyi s nezakonnoy migratsiey: [Elektron. resurs]. - 2001. URL: http://www. crime.vl.ru/index.php?p=1102&more=1&c=1&tb=1&pb=1 (data obrascheniya 03.10.2015).

15. Dzhafarov S. A. Natsionalnaya bezopasnost Rossii (aspektyi: grazhdanstvo, inostrantsyi, transnatsionalnaya nezakonnaya migratsiya)/S. A. Dzhafarov. In-t demografii, migratsii i regionalnogo razvitiya. - M.: TsTM-Press, 2007. - 599 s.

Evdokimov Konstantin Nikolaevich, Associate Professor of the Chair of State and Law Disciplines of the Irkutsk Law Institute Affiliated with the Academy of the General Prosecutor’s Office of the Russian Federation PhD in Law, Associate Professor E-mail: [email protected]

On the issue of criminal responsibility for the creation, use and distribution of “botnets”

Abstract: The purpose of a scientific article is to analyze the existing scientific approaches and opinions on the creation, use and distribution of malicious computer networks (botnets) and proposals for combating this criminal phenomenon.

The author proposes a new wording ofArt. 273. 1 of the Criminal Code providing for criminal responsibility for the above act, which should increase the efficiency of the Russian criminal law in the fight against computer crime.

Keywords: computer crime, cyber criminals crimes in the sphere of computer information, malicious computer software, botnet.

The use of modern information technology in the banking, commercial, industrial, scientific, educational, cultural and other spheres of public life deterministic occurrence of computer crime in the Russian Federation, as well as its quantitative and qualitative development.

In addition, recent years marked by the appearance of new forms and methods of committing computer crimes. One such criminal acts that represent the author's opinion, a significant threat to Russian society and the world community, is the creation, use and dissemination in cyberspace “botnets"

Unfortunately, in the legal literature we find a serious study of the problems mentioned, except for rare mentions of “botnet" in connection with the use of malicious computer programs. Therefore, let us turn to the opinions of technicians and experts in the field of information security.

So Kovalevsky A. I. said that “botnet — a computer network consisting of a number of hosts, with advanced bots (special program is performed automatically and/or on a predetermined schedule any action through the same interface as normal user)” [1, 35].

According Komarov A. A. and Nazarov A. N. “botnet” is a network of infected computers, ie computers, turned into robots (bot), under external control, or under the control of malicious code, embedded in the system one way or another [2, 141].

In turn, foreign literature states that “botnet” — a network of compromised hosts, managed by some malicious software (bot). Boat is an autonomous part of malicious software, which is controlled remotely. Botnets are created by infecting the computer without the knowledge or consent of the owner, for example, by sending viruses attached to emails [5, 1].

However, all researchers, without exception, agree that botnets (bot networks) are used to perform a variety of different illegal acts:

bulletproof hosting (placing pornographic, terrorist content), carrying out all the attacks of the “distributed denial of service” spyware malware, theft of confidential data, large-scale spamming “wrap” clicks [3, 89].

Based on the above, we can conclude that the “botnet” is a network of computers or other computing devices (smartphones, iPhones, aypadov et al.) Infected with special malware “bot” that enables cybercriminals to remotely control infected machines (each individually or part of a computer within the network, or across a network of computing devices entirely) without the user's knowledge, with the purpose of spamming, implementation of DDOS-attacks kibershantazha, anonymous Internet access, kibersabotazha, phishing, cyber-terrorism, and the illegal use of resources affected computers and other illegal actions.

In the Russian Federation, judicial practice in criminal cases involving crimes in the sphere of computer information, using a “botnet”, few in number, because these are high-tech crime, cross-border and latent, which complicates the possibility of their identification and disclosure. Meanwhile, convictions for such categories of criminal cases are sometimes submitted by the Russian courts.

For example, January 21, 2014 Sayan city court of the Irkutsk Region to 2 years imprisonment with probation for 1 year was sentenced c. M, committed a crime under Part. 2 tbsp. 272, h. 2, Art. 273 of the Criminal Code. In particular, M. with the help of his “botnet” employment exercised for cash consideration of DDoS-attacks on Internet resources of commercial firms. The investigation established that the accused September 27, 2012 for $ 100 made a DDoS-attack on an Internet resource «otkritie.com»; November 22, 2012 for US $ 200 on an Internet resource «4glaza. ru»; on the night of 28 to 29 November 2012 for US $ 1,000 on a

229

Section 12. Science of law

site «uralmetalcompanv.ru», owned by LLC “Ural metalworking company."

High latency “botnets" of criminal versatility and the possibility of causing significant material damage to citizens, organizations, governments, no doubt, is the Russian society and the state increased risk. According to the author, botnets are none other than the hightech “information" weapon that is used for making various kinds of computer prestupleniyi in its action compared with firearms or explosive devices, and the scale of harm is greater than their ability. Therefore, we believe that the perpetrators must be held criminally responsible for the creation, use and distribution of “botnets", as well as for creating, carrying, storage, sale of weapons or explosives.

Furthermore, the author believes that the rate applied by the courts Art. 273 of the Criminal Code providing for criminal responsibility for the creation, use and distribution of malicious computer programs do not cover fully considered a criminal act.

The author's position is based on the fact that the use of malicious computer program — “bot" is only at the initial stage when infected computers and the creation of botnets. In the future, to create a “botnet", the offender receives vozmozhnostdlya unauthorized access and remote control of infected computers. At the same time, in the future, not the perpetrator uses a malicious software program itself, and the technical and information resources of “zombie" -Computer to commit other crimes that are not provided for dispositions ofArt. Art. 272, 273 of the Criminal Code.

Thus, according to the author, the use of “botnets", and according to their production and distribution is a separate criminal act, the meaning ofwhich is to obtain and use of “information weapons" to commit other crimes.

It should also be noted that this criminal act is inherently a bit like illegal occupation of automobile or other vehicle without a purpose of plunder (stealing), which provides art. 166 of the Criminal Code. As in the case of the theft of a vehicle, the offender does not carry out unlawful uncompensated seizure, and (or) treatment of another's property (the computer) in their favor, as infected computer is still owned by its rightful owner. However, the “bot master"

unlawfully uses technical and information capabilities “zombie" -Computer for their needs, as well as a car thief, seizing someone else's car, the trip carries on it with no intention to assign the vehicle and turn it into their property.

With this in mind, the author proposes to add to the Criminal Code of the Russian Federation Art. 273. 1, which includes responsibility for the creation, use and distribution of “botnets", worded as follows:

“Article 273.1 The creation, use and distribution of malicious computer network (botnet)

1. The creation, distribution or use of malicious computer network or other computing devices, deliberately designed to unauthorized destruction, blocking, modification, copying of computer information or neutralize the protection of computer data, as well as carrying out other illegal activities - shall be punished by restriction of freedom for up to four years, or community service for up to four years, or imprisonment for the same term with a fine of up to two hundred thousand rubles or the salary or other income for a period of eighteen months.

Notes. Under malicious computer network (botnet) refers to a network of computers, and (or) other computing devices infected with a malicious computer program (bot), allows you to remotely control the infected machines (individually or as part of computers in the network or the entire network of computer devices entirely) without the consent of the owner (user) to the illegal use of the resources of infected computers, and (or) other computing devices, including the commission of unlawful acts."

In conclusion, it should be noted that the dispositions and sanctions proposed Article 273. 1 of the Criminal Code were as close as possible to the author of the current version of Art. 272, 273 of the Criminal Code, in order to avoid violations of the rules of legal technique, as well as the emergence of conflicts and competition between these criminal law. In addition, we believe that the issue of changing the sanctions considered standards should be based on a thorough analysis of the existing judicial practice that is the subject of the following research.

References:

1. Kovalevsky A. I. Botnet networks and their traffic//Natural and mathematical sciences in the modern world, 2014, no. 2. P. 35-39.

2. Komarov A. A. and Nazarov A. N. Functional requirements for a system to detect and counter the botnet attacks on corporate net-works//Technics of communication. Series: Tehnikatelevideniya, 2013, no. 1. P. 140-151.

3. Kosenko M. Y. and Melnikov A. V The method of identifying botnets based multi-agent approach//Journal of Voronezh State University. Series: System analysis and information technologies, 2015, no. 2. P. 89-96.

4. Sachkov I. K. and Nazarov A. N. Automation boat counter-attacks//T-Comm: Telecommunications and Transportation. T, 2014, no.6, P. 5-9.

5. Ianelli N. and Hackworth A. Botnets as a vehicle for online crime//CERT Coordination Center, 2005. P. 1-28.

6. The criminal case № 1-14/2014//Archive Sayan City Court of Irkutsk region for 2014.

230

i Надоели баннеры? Вы всегда можете отключить рекламу.